An extension to ISO/IEC 27001 and 27002 that adds requirements for a privacy information management system (PIMS).
ISO/IEC 27701 builds on an existing ISMS to cover the protection of personal data. It adds privacy-specific controls and maps them to the roles of data controller and data processor.
For organizations subject to the GDPR, ISO/IEC 27701 offers a structured way to demonstrate privacy governance on top of their information security certification.